mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-09-07 04:03:20 +00:00
Rename masterConfig to controlPlaneConfig
This commit is contained in:
Mengjiao Liu
@@ -55,10 +55,10 @@ func alwaysAlice(req *http.Request) (*authenticator.Response, bool, error) {
|
||||
}
|
||||
|
||||
func TestSubjectAccessReview(t *testing.T) {
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
clientset := clientset.NewForConfigOrDie(&restclient.Config{Host: s.URL})
|
||||
@@ -146,14 +146,14 @@ func TestSubjectAccessReview(t *testing.T) {
|
||||
|
||||
func TestSelfSubjectAccessReview(t *testing.T) {
|
||||
username := "alice"
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
|
||||
return &authenticator.Response{
|
||||
User: &user.DefaultInfo{Name: username},
|
||||
}, true, nil
|
||||
})
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
clientset := clientset.NewForConfigOrDie(&restclient.Config{Host: s.URL})
|
||||
@@ -229,10 +229,10 @@ func TestSelfSubjectAccessReview(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestLocalSubjectAccessReview(t *testing.T) {
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
clientset := clientset.NewForConfigOrDie(&restclient.Config{Host: s.URL})
|
||||
|
||||
@@ -439,9 +439,9 @@ func getTestRequests(namespace string) []struct {
|
||||
//
|
||||
// TODO(etune): write a fuzz test of the REST API.
|
||||
func TestAuthModeAlwaysAllow(t *testing.T) {
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-always-allow", s, t)
|
||||
@@ -536,10 +536,10 @@ func getPreviousResourceVersionKey(url, id string) string {
|
||||
}
|
||||
|
||||
func TestAuthModeAlwaysDeny(t *testing.T) {
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = authorizerfactory.NewAlwaysDenyAuthorizer()
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = authorizerfactory.NewAlwaysDenyAuthorizer()
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-always-deny", s, t)
|
||||
@@ -585,11 +585,11 @@ func (allowAliceAuthorizer) Authorize(ctx context.Context, a authorizer.Attribut
|
||||
func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
||||
// This file has alice and bob in it.
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-alice-not-forbidden", s, t)
|
||||
@@ -655,10 +655,10 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
|
||||
// should receive "Forbidden".
|
||||
func TestBobIsForbidden(t *testing.T) {
|
||||
// This file has alice and bob in it.
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-bob-forbidden", s, t)
|
||||
@@ -698,11 +698,11 @@ func TestBobIsForbidden(t *testing.T) {
|
||||
func TestUnknownUserIsUnauthorized(t *testing.T) {
|
||||
// This file has alice and bob in it.
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-unknown-unauthorized", s, t)
|
||||
@@ -760,11 +760,11 @@ func (impersonateAuthorizer) Authorize(ctx context.Context, a authorizer.Attribu
|
||||
}
|
||||
|
||||
func TestImpersonateIsForbidden(t *testing.T) {
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = impersonateAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = impersonateAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-impersonate-forbidden", s, t)
|
||||
@@ -907,11 +907,11 @@ func (a *trackingAuthorizer) Authorize(ctx context.Context, attributes authorize
|
||||
func TestAuthorizationAttributeDetermination(t *testing.T) {
|
||||
trackingAuthorizer := &trackingAuthorizer{}
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = trackingAuthorizer
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = trackingAuthorizer
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-attribute-determination", s, t)
|
||||
@@ -973,11 +973,11 @@ func TestNamespaceAuthorization(t *testing.T) {
|
||||
a := newAuthorizerWithContents(t, `{"namespace": "auth-namespace"}
|
||||
`)
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = a
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = a
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-namespace", s, t)
|
||||
@@ -1071,11 +1071,11 @@ func TestKindAuthorization(t *testing.T) {
|
||||
a := newAuthorizerWithContents(t, `{"resource": "services"}
|
||||
`)
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = a
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = a
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-kind", s, t)
|
||||
@@ -1155,11 +1155,11 @@ func TestReadOnlyAuthorization(t *testing.T) {
|
||||
// This file has alice and bob in it.
|
||||
a := newAuthorizerWithContents(t, `{"readonly": true}`)
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = a
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = getTestTokenAuth()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = a
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-read-only", s, t)
|
||||
@@ -1232,11 +1232,11 @@ func testWebhookTokenAuthenticator(customDialer bool, t *testing.T) {
|
||||
t.Fatalf("error starting webhook token authenticator server: %v", err)
|
||||
}
|
||||
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = authenticator
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticator
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = allowAliceAuthorizer{}
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-webhook-token", s, t)
|
||||
|
||||
@@ -116,10 +116,10 @@ func TestBootstrapTokenAuth(t *testing.T) {
|
||||
for _, test := range tests {
|
||||
|
||||
authenticator := bearertoken.New(bootstrap.NewTokenAuthenticator(bootstrapSecrets{test.secret}))
|
||||
// Set up a master
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = authenticator
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
// Set up an API server
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = authenticator
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
ns := framework.CreateTestingNamespace("auth-bootstrap-token", s, t)
|
||||
|
||||
@@ -519,9 +519,9 @@ func TestRBAC(t *testing.T) {
|
||||
|
||||
for i, tc := range tests {
|
||||
// Create an API Server.
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = newRBACAuthorizer(t, masterConfig)
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(tokenfile.New(map[string]*user.DefaultInfo{
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = newRBACAuthorizer(t, controlPlaneConfig)
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(tokenfile.New(map[string]*user.DefaultInfo{
|
||||
superUser: {Name: "admin", Groups: []string{"system:masters"}},
|
||||
"any-rolebinding-writer": {Name: "any-rolebinding-writer"},
|
||||
"any-rolebinding-writer-namespace": {Name: "any-rolebinding-writer-namespace"},
|
||||
@@ -534,8 +534,8 @@ func TestRBAC(t *testing.T) {
|
||||
"limitrange-patcher": {Name: "limitrange-patcher"},
|
||||
"user-with-no-permissions": {Name: "user-with-no-permissions"},
|
||||
}))
|
||||
masterConfig.GenericConfig.OpenAPIConfig = framework.DefaultOpenAPIConfig()
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
controlPlaneConfig.GenericConfig.OpenAPIConfig = framework.DefaultOpenAPIConfig()
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
clientConfig := &restclient.Config{Host: s.URL, ContentConfig: restclient.ContentConfig{NegotiatedSerializer: legacyscheme.Codecs}}
|
||||
@@ -642,12 +642,12 @@ func TestRBAC(t *testing.T) {
|
||||
func TestBootstrapping(t *testing.T) {
|
||||
superUser := "admin/system:masters"
|
||||
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = newRBACAuthorizer(t, masterConfig)
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(tokenfile.New(map[string]*user.DefaultInfo{
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = newRBACAuthorizer(t, controlPlaneConfig)
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(tokenfile.New(map[string]*user.DefaultInfo{
|
||||
superUser: {Name: "admin", Groups: []string{"system:masters"}},
|
||||
}))
|
||||
_, s, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
_, s, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
clientset := clientset.NewForConfigOrDie(&restclient.Config{BearerToken: superUser, Host: s.URL})
|
||||
@@ -703,12 +703,12 @@ func TestDiscoveryUpgradeBootstrapping(t *testing.T) {
|
||||
|
||||
superUser := "admin/system:masters"
|
||||
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = newRBACAuthorizer(t, masterConfig)
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(tokenfile.New(map[string]*user.DefaultInfo{
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = newRBACAuthorizer(t, controlPlaneConfig)
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(tokenfile.New(map[string]*user.DefaultInfo{
|
||||
superUser: {Name: "admin", Groups: []string{"system:masters"}},
|
||||
}))
|
||||
_, s, tearDownFn := framework.RunAnAPIServer(masterConfig)
|
||||
_, s, tearDownFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
|
||||
client := clientset.NewForConfigOrDie(&restclient.Config{BearerToken: superUser, Host: s.URL})
|
||||
|
||||
@@ -752,7 +752,7 @@ func TestDiscoveryUpgradeBootstrapping(t *testing.T) {
|
||||
|
||||
// Check that upgraded API servers inherit `system:public-info-viewer` settings from
|
||||
// `system:discovery`, and respect auto-reconciliation annotations.
|
||||
_, s, tearDownFn = framework.RunAnAPIServer(masterConfig)
|
||||
_, s, tearDownFn = framework.RunAnAPIServer(controlPlaneConfig)
|
||||
|
||||
client = clientset.NewForConfigOrDie(&restclient.Config{BearerToken: superUser, Host: s.URL})
|
||||
|
||||
|
||||
@@ -83,10 +83,10 @@ func TestServiceAccountTokenCreate(t *testing.T) {
|
||||
gcs := &clientset.Clientset{}
|
||||
|
||||
// Start the server
|
||||
masterConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
masterConfig.GenericConfig.Authorization.Authorizer = authorizerfactory.NewAlwaysAllowAuthorizer()
|
||||
masterConfig.GenericConfig.Authentication.APIAudiences = aud
|
||||
masterConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(
|
||||
controlPlaneConfig := framework.NewIntegrationTestControlPlaneConfig()
|
||||
controlPlaneConfig.GenericConfig.Authorization.Authorizer = authorizerfactory.NewAlwaysAllowAuthorizer()
|
||||
controlPlaneConfig.GenericConfig.Authentication.APIAudiences = aud
|
||||
controlPlaneConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(
|
||||
serviceaccount.JWTTokenAuthenticator(
|
||||
[]string{iss},
|
||||
[]interface{}{&pk},
|
||||
@@ -110,16 +110,16 @@ func TestServiceAccountTokenCreate(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
masterConfig.ExtraConfig.ServiceAccountIssuer = tokenGenerator
|
||||
masterConfig.ExtraConfig.ServiceAccountMaxExpiration = maxExpirationDuration
|
||||
masterConfig.GenericConfig.Authentication.APIAudiences = aud
|
||||
masterConfig.ExtraConfig.ExtendExpiration = true
|
||||
controlPlaneConfig.ExtraConfig.ServiceAccountIssuer = tokenGenerator
|
||||
controlPlaneConfig.ExtraConfig.ServiceAccountMaxExpiration = maxExpirationDuration
|
||||
controlPlaneConfig.GenericConfig.Authentication.APIAudiences = aud
|
||||
controlPlaneConfig.ExtraConfig.ExtendExpiration = true
|
||||
|
||||
masterConfig.ExtraConfig.ServiceAccountIssuerURL = iss
|
||||
masterConfig.ExtraConfig.ServiceAccountJWKSURI = ""
|
||||
masterConfig.ExtraConfig.ServiceAccountPublicKeys = []interface{}{&pk}
|
||||
controlPlaneConfig.ExtraConfig.ServiceAccountIssuerURL = iss
|
||||
controlPlaneConfig.ExtraConfig.ServiceAccountJWKSURI = ""
|
||||
controlPlaneConfig.ExtraConfig.ServiceAccountPublicKeys = []interface{}{&pk}
|
||||
|
||||
master, _, closeFn := framework.RunAnAPIServer(masterConfig)
|
||||
master, _, closeFn := framework.RunAnAPIServer(controlPlaneConfig)
|
||||
defer closeFn()
|
||||
|
||||
cs, err := clientset.NewForConfig(master.GenericAPIServer.LoopbackClientConfig)
|
||||
@@ -372,7 +372,7 @@ func TestServiceAccountTokenCreate(t *testing.T) {
|
||||
ObjectMeta: sa.ObjectMeta,
|
||||
}
|
||||
_, pc := serviceaccount.Claims(coresa, nil, nil, 0, 0, nil)
|
||||
tok, err := masterConfig.ExtraConfig.ServiceAccountIssuer.GenerateToken(sc, pc)
|
||||
tok, err := controlPlaneConfig.ExtraConfig.ServiceAccountIssuer.GenerateToken(sc, pc)
|
||||
if err != nil {
|
||||
t.Fatalf("err signing expired token: %v", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user